diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index 805fbe7453..80aa74539f 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -556,6 +556,7 @@ typedef struct _virNWFilterDriverState virNWFilterDriverState; typedef virNWFilterDriverState *virNWFilterDriverStatePtr; struct _virNWFilterDriverState { virMutex lock; + bool privileged; virNWFilterObjList nwfilters; diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index ba148230c7..dda6da7d79 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -183,6 +183,7 @@ nwfilterDriverStartup(int privileged) goto err_free_driverstate; driverState->watchingFirewallD = (sysbus != NULL); + driverState->privileged = privileged; if (!privileged) return 0; @@ -279,6 +280,9 @@ nwfilterDriverReload(void) { return -1; } + if (!driverState->privileged) + return 0; + conn = virConnectOpen("qemu:///system"); if (conn) { @@ -358,21 +362,24 @@ nwfilterDriverShutdown(void) { if (!driverState) return -1; - virNWFilterConfLayerShutdown(); - virNWFilterTechDriversShutdown(); - virNWFilterDHCPSnoopShutdown(); - virNWFilterLearnShutdown(); - virNWFilterIPAddrMapShutdown(); + if (driverState->privileged) { + virNWFilterConfLayerShutdown(); + virNWFilterTechDriversShutdown(); + virNWFilterDHCPSnoopShutdown(); + virNWFilterLearnShutdown(); + virNWFilterIPAddrMapShutdown(); - nwfilterDriverLock(driverState); + nwfilterDriverLock(driverState); - nwfilterDriverRemoveDBusMatches(); + nwfilterDriverRemoveDBusMatches(); - /* free inactive nwfilters */ - virNWFilterObjListFree(&driverState->nwfilters); + /* free inactive nwfilters */ + virNWFilterObjListFree(&driverState->nwfilters); + + VIR_FREE(driverState->configDir); + nwfilterDriverUnlock(driverState); + } - VIR_FREE(driverState->configDir); - nwfilterDriverUnlock(driverState); virMutexDestroy(&driverState->lock); VIR_FREE(driverState);